Version 3.0 of privacyIDEA brings numerous internal changes as well as some visible changes and new functionality. The system, which is based on the Python framework Flask, now runs under both Python 2.7 and Python 3. Furthermore, the database schema has been rebuilt so that in the future it will be possible to assign one authentication device to multiple users. The old crypto library pycrypto has been replaced with cryptography, and stored signatures and encrypted data now carry a version tag, which will make it easier to exchange crypto mechanisms in the future.
The token management system also adds a new token type. The push token allows the Firebase service to send a push message to the user's smartphone when they want to log in to an application. The user confirms the request on their smartphone with just one click. The answer, signed on the smartphone, is sent back to privacyIDEA, so that the application can now check whether the user has given consent to register. The user is logged in automatically.
privacyIDEA is a powerful system whose behavior can be customized through policies. In complex systems this can become confusing for the administrator. Until now, all actions that occur in the system have already been recorded in the audit log. Now the audit log has been extended to include information on which policies contributed to the decision and behavior of each action. This is intended to make work easier for the administrator and the service desk.
All changes can be read in detail in the change log. The new version of privacyIDEA is available for download via GitHub or the Python Package Index. privacyIDEA can also be installed on the Univention Corporate Server via the AppCenter. Possible installation variants are described in the online documentation. In addition, an updated corporate edition with support and warranties will be available shortly.
privacyIDEA is a multi-factor authentication system that manages additional authentication factors for users. For example, two-factor authentication can be implemented on web applications, VPN, SSH and Windows or Linux desktops. privacyIDEA accesses existing user sources such as LDAP, Active Directory or SQL databases, but can also manage users itself if required. It supports a variety of authentication types such as OTP (HOTP, TOTP, mOTP), Smartdisplayer OTP cards, Nitrokeys, Yubikeys, smartphone apps like Google Authenticator, FreeOTP or TiQR, U2F, and also SSH keys and X.509 certificates. With its built-in, easy migration capability, it is an alternative to commercial products such as RSA SecurID, Vasco Identikey or cloud solutions like DUO or SafeNet Authentication Service.
Submitted by: Arnfried Walbrecht